Security Program Manager

The Calix platform enables Communication Service Providers (CSPs) of all sizes to transform and future-proof their businesses. Through real-time data, automation, and actionable insights delivered via Calix One — our cloud-first, AI-powered platform — CSPs can simplify operations, collapse cost, and accelerate innovation. Calix One brings together the automation of everything and the experience of one, empowering customers to deliver differentiated subscriber experiences while driving acquisition, loyalty, and revenue growth. This is the Calix mission: to enable CSPs of all sizes to simplify, innovate, and grow, strengthening both their businesses and the communities they serve.

We’re at the forefront of a once in a generational change in the broadband industry. Join us as we innovate, help our customers reach their potential, and connect underserved communities with unrivaled digital experiences.

Calix is seeking a highly motivated and experienced Security Program Manager to develop, implement, and manage our comprehensive security program.  In this role, you will define, implement, and oversee security programs that protect our assets, data, and reputation while ensuring compliance with industry regulations and internal policies. This pivotal role involves coordinating security efforts across multiple departments (IT, Engineering, Legal, Operations) to identify and manage vulnerabilities, mitigate risks, and ensure the ongoing protection of our customers, assets, and data. The ideal candidate will have strong leadership skills, a deep understanding of security best practices, and a proven track record of driving complex, cross-functional security initiatives.

Key Responsibilities

Program Management

• Plan, design, and oversee the execution of comprehensive security programs and projects from inception to completion, ensuring they are delivered on time and within budget.
• Define program metrics, KPIs, and reporting mechanisms to track effectiveness and present results to senior leadership.
• Lead security related‑ projects from conception through delivery, ensuring timelines, budgets, and quality criteria are met
• Serve as the primary point of contact for security inquiries and escalations.

Risk Management, Policy and Compliance

• Conduct risk assessments, threat modeling, and gap analyses; prioritize remediation efforts based on business impact.
• Ensure compliance with relevant regulations and standards (e.g., GDPR, CCPA, PCI DSS, HIPAA, SOX).
• Manage security audits and coordinate with external auditors and regulators.
• Partner with engineering, product management, platform engineering and business teams to implement, track and monitor security controls that remediate risks
• Develop, implement, and enforce security policies, procedures, and standards to ensure compliance with relevant laws and regulations (e.g., GDPR, HIPAA, ISO 27001, NIST).

Vulnerability Management

• Oversee, track and drive vulnerability remediation to meet established SLA’s
• Evaluate, select, and manage third-party‑ security vendors and service providers.
• Oversee the incident response lifecycle, including preparation, detection, containment, eradication, recovery, and post incident‑ analysis.
• Drive development of external communication in collaboration with stakeholders and senior leadership
• Drive root cause analysis and post-mortem investigations and implement lessons learned across the organization.
• Incident Response

• Oversee the incident response lifecycle, including preparation, detection, containment, eradication, recovery, and post incident analysis.
• Drive root cause investigations and long-term corrective actions as security projects across the organization.

Continuous Improvement

• Stay informed about emerging security threats, technologies, and industry trends, making recommendations for enhancements to the security program.

Required Qualifications

• Experience: 7+ years of progressive experience in information security, risk management, or related fields; at least 3 years in a program or project management capacity.
• Education: Bachelor’s degree in Computer Science, Information Security, Business Administration, or a related discipline (Master’s preferred).
• Certifications (preferred): PMP, PMI ACP, CISSP, CISM, CRISC, or equivalent.
• Technical Knowledge: Strong understanding of security frameworks (NIST CSF, ISO 27001), cloud security (AWS, GCP), network security, encryption, identity & access management, and emerging threat landscapes.
• Leadership & Communication: Proven ability to influence and drive consensus across diverse stakeholders; exceptional written and verbal communication skills.
• Analytical Skills: Ability to translate complex security concepts into actionable business recommendations.

Desired Attributes

• Strategic thinker with a hands-on approach to problem solving‑.
• Comfortable working in fast-paced, dynamic environments
• Team player and detailed oriented
• Ability to interact with both internal and external auditors for security audits
• Passion for continuous learning and staying current with security trends.

#LI-Remote

The base pay range for this position varies based on the geographic location. More information about the pay range specific to candidate location and other factors will be shared during the recruitment process. Individual pay is determined based on location of residence and multiple factors, including job-related knowledge, skills and experience.

San Francisco Bay Area:

156,400 - 265,700 USD Annual136,000 - 231,000 USD Annual